[Virus Sample] Downloader, continued
zzh161
Posted on 2008-2-1 14:58:22
Rising cleaned all but one. A few of the links are dead.

[UPDATE]
version=0
[URL]
Index=20


Sample:


  瑞星病毒查杀结果报告
清除病毒种类列表:
病毒: Trojan.PSW.Win32.GameOL.luc
病毒: Trojan.PSW.Win32.XYOnline.abc
病毒: Worm.Win32.PaBug.GEN     
病毒: Trojan.PSW.Win32.GamesOnline.mh
病毒: Trojan.PSW.Win32.OnlineGames.GEN
病毒: Trojan.PSW.Win32.GameOL.luk
病毒: Trojan.PSW.Win32.ZhengTu.ymy
病毒: Trojan.PSW.Win32.GamesOnline.ma
MAC 地址:00:00:00:00:00:00
用户来源:局域网
软件版本:20.29.40

Graybird
Posted on 2008-2-1 14:59:50

10

Starting the file scan:

Begin scan in 'E:\i.rar'
E:\i.rar
  [0] Archive type: RAR
  --> i\1.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> i\10.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> i\13.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.prw
  --> i\18.exe
      [DETECTION] Contains detection pattern of the worm WORM/Autorun.FF.26
  --> i\2.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> i\20.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ode
  --> i\3.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> i\4.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pmi.29
  --> i\5.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> i\6.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
      [WARNING]   The file was ignored!


End of the scan: 2008年2月1日  15:00
Used time: 00:20 min

The scan has been done completely.

      0 Scanning directories
     11 Files were scanned
      9 viruses and/or unwanted programs were found
      1 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      2 Files not concerned
      1 Archives were scanned
      1 Warnings
      0 Notes
冷冷
Posted on 2008-2-1 15:01:23
ClamAV

I:\virus\test/i/1.exe: PUA.Packed.UPack FOUND
I:\virus\test/i/10.exe: PUA.Packed.UPack FOUND
I:\virus\test/i/13.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/i/18.exe: Trojan.QQPass-493 FOUND
I:\virus\test/i/2.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/i/20.exe: PUA.Packed.UPack-2 FOUND
I:\virus\test/i/3.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/i/4.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/i/5.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/i/6.exe: PUA.Packed.UPack-3 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 201320
Engine version: 0.92
Scanned directories: 2
Scanned files: 10
Infected files: 10
Data scanned: 0.36 MB
Time: 6.703 sec (0 m 6 s)

IKARUS
I:\virus\test\i\1.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
I:\virus\test\i\10.exe - Signature 'Trojan-PWS.Win32.Agent.jp' found
I:\virus\test\i\13.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\test\i\18.exe - Signature 'Trojan-Proxy.Win32.Delf.AN' found
I:\virus\test\i\2.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\test\i\20.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
I:\virus\test\i\3.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\test\i\4.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\test\i\5.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\test\i\6.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found

        10 Files scanned
          (0 Archives with 0 files)
        10 Signatures found
        0 Suspect code-parts found
        Used time: 0:00.328
813kr
Posted on 2008-2-1 15:02:11
Filseclab: 8
leonfg
Posted on 2008-2-1 15:03:50
ESET 10
C:\Documents and Settings\GUNDAM\桌面\i.rar » RAR » i\1.exe - a variant of Win32/PSW.OnLineGames.NMN trojan
C:\Documents and Settings\GUNDAM\桌面\i.rar » RAR » i\10.exe - a variant of Win32/PSW.OnLineGames.GJV trojan
C:\Documents and Settings\GUNDAM\桌面\i.rar » RAR » i\13.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\i.rar » RAR » i\18.exe - Win32/PSW.QQPass.NCV trojan
C:\Documents and Settings\GUNDAM\桌面\i.rar » RAR » i\2.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\i.rar » RAR » i\20.exe - Win32/TrojanDownloader.Small.NZL trojan
C:\Documents and Settings\GUNDAM\桌面\i.rar » RAR » i\3.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\i.rar » RAR » i\4.exe - Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\i.rar » RAR » i\5.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\i.rar » RAR » i\6.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
IllusionWing
Posted on 2008-2-1 15:04:37
All killed

kkgh
Posted on 2008-2-1 15:15:15
智能实验室-杀马(Defendio) 扫描威胁日志记录
版本 4.25.0.930
数据更新版本:24358
数据更新日期:2008-01-30 18:15
开始时间: 15:18:00
启发式:   最高
压缩文件: 是
内存区域: 否
注册表:   否
系统区域: 否

扫描所选择的目录和文件...


对象: 启发识别:Heur/Susp.PackedPE.000045DA-->>C:\Documents and Settings\zh\桌面\新建文件夹\i\1.exe
威胁: Heur/Susp.PackedPE.000045DA
状态: 已经忽略

对象: 启发识别:Heur/Susp.Trojan-PSW.Win32.Agent.29.0.00007E00,风险76%,加壳:UPX v0.89.6 - v1.02 / v1.05 - v1.22-->>C:\Documents and Settings\zh\桌面\新建文件夹\i\10.exe
威胁: Heur/Susp.Trojan-PSW.Win32.Agent.29.0.00007E00
状态: 已经忽略

对象: 启发识别:Heur/Susp.PackedPE.00004730,风险8%,可能是受损的程序,加壳:nSpack v2.3 -> Liu Xing Ping-->>C:\Documents and Settings\zh\桌面\新建文件夹\i\13.exe
威胁: Heur/Susp.PackedPE.00004730
状态: 已经忽略

对象: 启发识别:Heur/Susp.Trojan.Win32.Agent.32.2.00008679,风险76%,加壳:UPX v0.89.6 - v1.02 / v1.05 - v1.22-->>C:\Documents and Settings\zh\桌面\新建文件夹\i\18.exe
威胁: Heur/Susp.Trojan.Win32.Agent.32.2.00008679
状态: 已经忽略

对象: 启发识别:Heur/Susp.PackedPE.00004A4C,风险8%,可能是受损的程序,加壳:nSpack v2.3 -> Liu Xing Ping-->>C:\Documents and Settings\zh\桌面\新建文件夹\i\2.exe
威胁: Heur/Susp.PackedPE.00004A4C
状态: 已经忽略

对象: 启发识别:Heur/Susp.PackedPE.00004E54,风险8%,可能是受损的程序,加壳:nSpack v2.3 -> Liu Xing Ping-->>C:\Documents and Settings\zh\桌面\新建文件夹\i\3.exe
威胁: Heur/Susp.PackedPE.00004E54
状态: 已经忽略

对象: 启发识别:Heur/Susp.PackedPE.00005B24,风险8%,可能是受损的程序,加壳:nSpack v2.3 -> Liu Xing Ping-->>C:\Documents and Settings\zh\桌面\新建文件夹\i\4.exe
威胁: Heur/Susp.PackedPE.00005B24
状态: 已经忽略

对象: 启发识别:Heur/Susp.PackedPE.00005888,风险8%,可能是受损的程序,加壳:nSpack v2.3 -> Liu Xing Ping-->>C:\Documents and Settings\zh\桌面\新建文件夹\i\5.exe
威胁: Heur/Susp.PackedPE.00005888
状态: 已经忽略

对象: 启发识别:Heur/Susp.PackedPE.000045E4,风险8%,可能是受损的程序,加壳:nSpack v2.3 -> Liu Xing Ping-->>C:\Documents and Settings\zh\桌面\新建文件夹\i\6.exe
威胁: Heur/Susp.PackedPE.000045E4
状态: 已经忽略


扫描耗时: 0小时0分钟2秒
    已检查:    12 个
    实际扫描:  12 个
    程序文件:  10 个
    压缩文件:  0 个
    多媒体文件:0 个
    图片文件:  0 个
    邮件文件:  0 个
    其它文件:  2 个
    发现威胁:  9 个
    已清除:    0 个
    已隔离:    0 个
    未处理:    0/9 个

瑞星病毒查杀结果报告

清除病毒种类列表:
病毒: Trojan.PSW.Win32.GameOL.luc
病毒: Trojan.PSW.Win32.XYOnline.abc
病毒: Worm.Win32.PaBug.GEN     
病毒: Trojan.PSW.Win32.GamesOnline.mh
病毒: Trojan.PSW.Win32.OnlineGames.GEN
病毒: Trojan.PSW.Win32.GameOL.luk
病毒: Trojan.PSW.Win32.ZhengTu.ymy
病毒: Trojan.PSW.Win32.GamesOnline.ma

用户来源:互联网

软件版本:20.29.40
kiki
Posted on 2008-2-1 15:19:23
9 taken care of

1 suspicious
gho
Posted on 2008-2-1 15:40:10
扫描报告
2008年2月1日 15:39:25 - 15:39:29
计算机名称: CN-89FF4B9EA4D6
扫描类型: 扫描目标
目标: I:\hanxiaojun\i.rar


--------------------------------------------------------------------------------

结果: 找到 8 恶意软件
Trojan-PSW.Win32.OnLineGames.pry (病毒)
I:\hanxiaojun\i.rar\i\13.exe
Trojan-PSW.Win32.QQPass.asz (病毒)
I:\hanxiaojun\i.rar\i\18.exe
Trojan-PSW.Win32.OnLineGames.pzl (病毒)
I:\hanxiaojun\i.rar\i\2.exe
I:\hanxiaojun\i.rar\i\5.exe
Trojan-PSW.Win32.OnLineGames.ode (病毒)
I:\hanxiaojun\i.rar\i\20.exe
Trojan-PSW.Win32.OnLineGames.pzh (病毒)
I:\hanxiaojun\i.rar\i\3.exe
Trojan-PSW.Win32.OnLineGames.pud (病毒)
I:\hanxiaojun\i.rar\i\4.exe
Trojan-PSW.Win32.OnLineGames.pvm (病毒)
I:\hanxiaojun\i.rar\i\6.exe
wangjay1980
Posted on 2008-2-1 15:45:14
detected: Trojan program Trojan-PSW.Win32.OnLineGames.qdg        File: C:\Documents and Settings\Owner\桌面\i.rar/i\10.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.pry        File: C:\Documents and Settings\Owner\桌面\i.rar/i\13.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.QQPass.asz        File: C:\Documents and Settings\Owner\桌面\i.rar/i\18.exe//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.pzl        File: C:\Documents and Settings\Owner\桌面\i.rar/i\2.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.ode        File: C:\Documents and Settings\Owner\桌面\i.rar/i\20.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.pzh        File: C:\Documents and Settings\Owner\桌面\i.rar/i\3.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.pud        File: C:\Documents and Settings\Owner\桌面\i.rar/i\4.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.pzl        File: C:\Documents and Settings\Owner\桌面\i.rar/i\5.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.pvm        File: C:\Documents and Settings\Owner\桌面\i.rar/i\6.exe//PE_Patch//UPack